Passwd
User is looked up using getpwnam() call, which usually looks into /etc/passwd file, but depending on NSS configuration it may also look up the user from eg. LDAP database.
Most commonly used as a user database.
The lookup is by default done in the auth worker processes. If you have only a small local passwd file, you can avoid having extra auth worker processes by disabling it:
userdb {
driver = passwd
args = blocking=no
}
Field overriding and extra fields (obsolete in v2.1+)
It's possible to override fields from passwd and add extra fields with templates, but in v2.1+ it's done in a better way by using override_fields. For example:
userdb {
driver = passwd
# Pre-v2.1:
#args = home=/var/mail/%u mail=maildir:/var/mail/%u/Maildir
# v2.1+:
override_fields = home=/var/mail/%u mail=maildir:/var/mail/%u/Maildir
}This uses the UID and GID fields from passwd, but home directory is overridden. Also the default mail_location setting is overridden.
Passwd as a password database
Many systems use shadow passwords nowadays so passwd doesn't usually work as a password database. BSDs are an exception to this, they still set the password field even with shadow passwords.
With FreeBSD, passwd doesn't work as a password database because the password field is replaced by a *. But you can use Passwd-file.